<?php

namespace Aws\S3;

use Aws\Credentials\CredentialsInterface;
use GuzzleHttp\Psr7\Uri;
use Aws\Signature\SignatureTrait;
use Aws\Signature\SignatureV4 as SignatureV4;
use Aws\Api\TimestampShape as TimestampShape;

/**
 * Encapsulates the logic for getting the data for an S3 object POST upload form
 *
 * @link http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html
 * @link http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html
 */
class PostObjectV4 {
	use SignatureTrait;

	private $client;
	private $bucket;
	private $formAttributes;
	private $formInputs;

	/**
	 * Constructs the PostObject.
	 *
	 * The options array accepts the following keys:
	 * @link http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
	 *
	 * @param S3ClientInterface $client Client used with the POST object
	 * @param string $bucket Bucket to use
	 * @param array $formInputs Associative array of form input
	 *                                      fields.
	 * @param array $options Policy condition options
	 * @param mixed $expiration Upload expiration time value. By
	 *                                      default: 1 hour valid period.
	 */
	public function __construct(
		S3ClientInterface $client,
		                  $bucket,
		array             $formInputs,
		array             $options = [],
		                  $expiration = '+1 hours'
	) {
		$this->client = $client;
		$this->bucket = $bucket;

		// setup form attributes
		$this->formAttributes = [
			'action' => $this->generateUri(),
			'method' => 'POST',
			'enctype' => 'multipart/form-data'
		];

		$credentials = $this->client->getCredentials()->wait();

		if($securityToken = $credentials->getSecurityToken()) {
			$options [] = ['x-amz-security-token' => $securityToken];
			$formInputs['X-Amz-Security-Token'] = $securityToken;
		}

		// setup basic policy
		$policy = [
			'expiration' => TimestampShape::format($expiration, 'iso8601'),
			'conditions' => $options,
		];

		// setup basic formInputs
		$this->formInputs = $formInputs + ['key' => '${filename}'];

		// finalize policy and signature

		$this->formInputs += $this->getPolicyAndSignature(
			$credentials,
			$policy
		);
	}

	/**
	 * Gets the S3 client.
	 *
	 * @return S3ClientInterface
	 */
	public function getClient() {
		return $this->client;
	}

	/**
	 * Gets the bucket name.
	 *
	 * @return string
	 */
	public function getBucket() {
		return $this->bucket;
	}

	/**
	 * Gets the form attributes as an array.
	 *
	 * @return array
	 */
	public function getFormAttributes() {
		return $this->formAttributes;
	}

	/**
	 * Set a form attribute.
	 *
	 * @param string $attribute Form attribute to set.
	 * @param string $value Value to set.
	 */
	public function setFormAttribute($attribute, $value) {
		$this->formAttributes[$attribute] = $value;
	}

	/**
	 * Gets the form inputs as an array.
	 *
	 * @return array
	 */
	public function getFormInputs() {
		return $this->formInputs;
	}

	/**
	 * Set a form input.
	 *
	 * @param string $field Field name to set
	 * @param string $value Value to set.
	 */
	public function setFormInput($field, $value) {
		$this->formInputs[$field] = $value;
	}

	private function generateUri() {
		$uri = new Uri($this->client->getEndpoint());

		if($this->client->getConfig('use_path_style_endpoint') === true
			|| ($uri->getScheme() === 'https'
				&& strpos($this->bucket, '.') !== false)
		) {
			// Use path-style URLs
			$uri = $uri->withPath("/{$this->bucket}");
		} else {
			// Use virtual-style URLs if haven't been set up already
			if(strpos($uri->getHost(), $this->bucket.'.') !== 0) {
				$uri = $uri->withHost($this->bucket.'.'.$uri->getHost());
			}
		}

		return (string)$uri;
	}

	protected function getPolicyAndSignature(
		CredentialsInterface $credentials,
		array                $policy
	) {
		$ldt = gmdate(SignatureV4::ISO8601_BASIC);
		$sdt = substr($ldt, 0, 8);
		$policy['conditions'][] = ['X-Amz-Date' => $ldt];

		$region = $this->client->getRegion();
		$scope = $this->createScope($sdt, $region, 's3');
		$creds = "{$credentials->getAccessKeyId()}/$scope";
		$policy['conditions'][] = ['X-Amz-Credential' => $creds];

		$policy['conditions'][] = ['X-Amz-Algorithm' => "AWS4-HMAC-SHA256"];

		$jsonPolicy64 = base64_encode(json_encode($policy));
		$key = $this->getSigningKey(
			$sdt,
			$region,
			's3',
			$credentials->getSecretKey()
		);

		return [
			'X-Amz-Credential' => $creds,
			'X-Amz-Algorithm' => "AWS4-HMAC-SHA256",
			'X-Amz-Date' => $ldt,
			'Policy' => $jsonPolicy64,
			'X-Amz-Signature' => bin2hex(
				hash_hmac('sha256', $jsonPolicy64, $key, true)
			),
		];
	}
}
